tag:blogger.com,1999:blog-51870672024-03-05T01:05:03.036-06:00Chris Lehr's Microsoft blogActive Directory, Exchange, Windows, Lync, Skype for Business and Office 365 how-to's and tips and tricks as we pick them up. Feel free to pass on anything you see here, and PLEASE subscribe to our RSS feed, and leave comments if you find our posts helpful!Chris Lehrhttp://www.blogger.com/profile/12048658420556993119noreply@blogger.comBlogger111125tag:blogger.com,1999:blog-5187067.post-88797965970631973342021-04-13T11:08:00.001-05:002021-04-13T11:08:10.992-05:00Selecting the tenant SMTP address from get-mailbox's emailaddresses attribute When performing tenant to tenant migrations, it's critical to use their tenant address so that post vanity domain name removal you can still reference and access the source side tenant. For some time I did this pretty manually, while knowing there had to be a better way. So without much more chatter, here's how I do this in Excel now.First, get-mailbox -resultsize unlimited | Chris Lehrhttp://www.blogger.com/profile/12048658420556993119noreply@blogger.com0tag:blogger.com,1999:blog-5187067.post-36537535645543886252019-01-17T17:28:00.000-06:002019-01-17T17:28:00.371-06:00Reporting on Office versions in use using MAPI over HTTPS logs and LogParserWay back in 2014, I blogged about using LogParser to report on Office versions from RPC over HTTPS logs, and I am happy to say it was one of my most referenced articles - and many times, it was referenced by me. Well, it's now 2019, and after five whole years I had to revisit this finally when a customer moving to the cloud had been using Exchange 2016 already and had transitioned to MAPI Chris Lehrhttp://www.blogger.com/profile/12048658420556993119noreply@blogger.com0tag:blogger.com,1999:blog-5187067.post-32101017851087476882018-01-24T16:37:00.001-06:002018-01-24T16:50:19.244-06:00Exchange - Changing from ForwardingAddress to ForwardingSMTPAddress for multiple mailboxesWhoa, has it really been almost TWO YEARS since I've posted? Well, if you still follow over here, be sure to follow me on twitter at https://twitter.com/chrislehratx - I tend to share out articles, blogs, and oneliners related to the Microsoft Exchange and/or Skype products over there. Far more frequent updates than here. But today, my script went from a one-liner to a Chris Lehrhttp://www.blogger.com/profile/12048658420556993119noreply@blogger.com0tag:blogger.com,1999:blog-5187067.post-4098427858321799782016-03-16T13:18:00.000-05:002016-03-16T13:32:42.030-05:00Configuring Skype for Business CDR and QoE Reporting services to be highly availableFrequently I see
customers successfully implement CDR and QoE reporting on two SQL reporting
servers, but find that their reporting services web URL only works on the SQL
server that is the primary node for these databases. When you attempt a connection to the SQL
Reporting server that the databases are not mounted on, you receive an error
similar to the below:
An Chris Lehrhttp://www.blogger.com/profile/12048658420556993119noreply@blogger.com0tag:blogger.com,1999:blog-5187067.post-69929219614925894212015-11-09T16:22:00.000-06:002015-11-09T16:22:21.103-06:00Find all Exchange mailboxes missing an Office 365 license in one line of code<!--[if gte mso 9]>
Normal
0
false
false
false
EN-US
X-NONE
X-NONE
MicrosoftInternetExplorer4
<![endif]-->
<!--[if gte mso 9]>
Chris Lehrhttp://www.blogger.com/profile/12048658420556993119noreply@blogger.com0tag:blogger.com,1999:blog-5187067.post-39754739154120384522015-10-28T10:17:00.000-05:002016-01-14T21:05:51.698-06:00Setting permissions for AADSync and password write-backI love scripting things to save time, so when I found this article a while back on using PowerShell to configure the AADSync service account permissions, I bookmarked it, retweeted it and used it several times since then.
Today, I implemented Password Writeback, and the article only had two permissions set for it. In testing, I found users received an error, but their password was Chris Lehrhttp://www.blogger.com/profile/12048658420556993119noreply@blogger.com0tag:blogger.com,1999:blog-5187067.post-58544944784453262122015-10-15T11:03:00.003-05:002015-10-15T13:18:38.828-05:00Skype for Business for iOS releasedThis week, Microsoft announced the availability of the Skype for Business client as an update to the existing Lync 2013 client in the app store.
There has been a lot of feedback on social media regarding some of the changes and the issues being found so I have decided to try and collect some and post workarounds here.
I updated my apps, but I don't see Skype for Business. Yes, for some Chris Lehrhttp://www.blogger.com/profile/12048658420556993119noreply@blogger.com0tag:blogger.com,1999:blog-5187067.post-43716970162044221922015-10-07T11:24:00.001-05:002015-11-10T15:23:05.819-06:00Porting numbers in Skype for Business OnlineToday, Microsoft announced additional preview options in S4B Online. One of which is number portability. This is a huge step towards adoption - we can now tell customers we can port existing PSTN numbers to the Microsoft cloud.
Here's how it works:
Log into your Skype for Business Admin portal in office 365
Click on Voice, then "Port Orders (preview)"
Note the text - you will need aChris Lehrhttp://www.blogger.com/profile/12048658420556993119noreply@blogger.com0tag:blogger.com,1999:blog-5187067.post-25582274102757529142015-09-17T22:38:00.000-05:002015-09-17T22:40:00.991-05:00Spin up quick labs in Hyper-VWrote this a few days back to script spinning up VMs to test in lab. Not putting on TechNet, but if you use it and have recommendations, please post in comments. Using the lab build from @expta, I was able to get 6 VMs in about 8 minutes ready to go!
$vmpath = "c:\virtual machines"$vmswitch = "LAN"$templatepath = "c:\templates\w2012r2-template-sysprepped.vhdx"$servers = ("fe1","fe2"Chris Lehrhttp://www.blogger.com/profile/12048658420556993119noreply@blogger.com0tag:blogger.com,1999:blog-5187067.post-17174056115455880612015-08-25T21:10:00.000-05:002015-08-28T10:37:14.926-05:00Skype for Business Server 2015 Protocol Poster 24x36One of my favorite things Microsoft has done for every flagship product was a Visio and PDF poster, suitable for framing. It really was handy with Lync as the number of protocols and workloads got higher, it was great to have a reference.
Here's a picture of my Lync 2013 poster in my office today - I've had this for almost 3 years now!
So of course, earlier this year, Microsoft Chris Lehrhttp://www.blogger.com/profile/12048658420556993119noreply@blogger.com1tag:blogger.com,1999:blog-5187067.post-89145142545239193712015-07-10T11:50:00.002-05:002015-07-10T16:31:20.789-05:00Parse-TransportLogs - Which IPs on my network are sending SMTP through that connector?I get asked this at some point in almost every Hybrid migration. The answer is always to turn up your SMTP logging to get those details. The problem is that parsing that data is difficult. Unlike an HTTP log where each hit was a transaction, SMTP logs contain the entire SMTP conversation, so one transaction can be 10-30 lines in an SMTP log file.
Additionally, SMTP logs store the Chris Lehrhttp://www.blogger.com/profile/12048658420556993119noreply@blogger.com0tag:blogger.com,1999:blog-5187067.post-55311947648247210212015-07-08T17:34:00.002-05:002015-07-25T15:19:57.365-05:00SIP DHCP Option 120 DeMystifiedOn the surface, Option 120 seems simple - it's the Pool FQDN, encrypted.
Everyone knows to run the DHCPUtil.exe -sipserver server.domain.com and it spits out a long hex value for you. Option 43 is a little fancier, and gets more press. Option 120 seems straightforward in comparison. What if I asked you to create the hex code without DHCPutil? Sure sounds easy, you take Chris Lehrhttp://www.blogger.com/profile/12048658420556993119noreply@blogger.com2tag:blogger.com,1999:blog-5187067.post-86277619857320697662015-06-29T14:17:00.005-05:002015-08-24T14:49:44.334-05:00Using GAM to extract tenant data for a Google Apps to Office 365 migration
Google to Office 365
migrations are fairly complex for several reasons:
While coexistence is
possible, it is difficult to configure and more difficult to communicate
to your users effectively.
The end user experience is
vastly unique, so communication plans need to be robust
Because a cutover migration
tends to be more effective, it requires a lot of forethought to Chris Lehrhttp://www.blogger.com/profile/12048658420556993119noreply@blogger.com0tag:blogger.com,1999:blog-5187067.post-51033091958070165012015-06-17T17:21:00.001-05:002015-06-17T17:21:31.685-05:00Manipulating LogParser Data in Excel to prepare for Office 365In a post I made back about a year ago, I posted about how to collect RPC logs to determine Outlook versions your organization is using.
It's been a pretty popular article, but I kind of didn't document the Excel part so I am circling back today to strengthen this aspect of the How-to.
So, starting with the CSV in that article:
Open the CSV in Excel
Hit Ctrl-A and select "format as a table"Chris Lehrhttp://www.blogger.com/profile/12048658420556993119noreply@blogger.com0tag:blogger.com,1999:blog-5187067.post-33810162020438338942015-06-09T14:26:00.003-05:002015-06-09T14:29:46.015-05:00O365 - Unknown Error adding a vanity domainProblem:
Adding a domain in Office 365 Web UI, you add a domain name, get the verification DNS record created, click on verify and you get an "Unknown error" You receive the same if you use Confirm-MSOLdomain. If you use the Web UI, you will have the added pain factor that every time you attempt a verification, the DNS entry will change on you. Especially frustrating if Chris Lehrhttp://www.blogger.com/profile/12048658420556993119noreply@blogger.com1tag:blogger.com,1999:blog-5187067.post-40256273618882376182015-06-04T13:33:00.001-05:002015-06-04T13:33:03.266-05:00SQL 2014 AlwaysOn Deployment for Skype for Business Server 2015Ran through this in production for the first time using the excellent TechNet blog here.
Not going to reiterate much of that blog as it is fairly complete, but I hit a few errors along the way that I want to share.
Launching SQL 2014 PowerShellI searched a while for this. Unlike Lync, AD and other PowerShell, there isn't really an import-module sqlps, even though several articles Chris Lehrhttp://www.blogger.com/profile/12048658420556993119noreply@blogger.com0tag:blogger.com,1999:blog-5187067.post-13002239969011004682015-06-04T12:13:00.001-05:002015-06-04T12:42:27.191-05:00Skype for Business, Lync 2013, Skype Directory and TCP/4443Wanted to clear up a little confusion on this. Thanks to other bloggers for posting the how-to on configuring the Skype Directory and of course the TechNet article on deployment.
After seeing several posts regarding additional port requirements, I decided to investigate further. There are TWO port requirements for this functionality. (there is not a "Consolidated Edge Chris Lehrhttp://www.blogger.com/profile/12048658420556993119noreply@blogger.com0tag:blogger.com,1999:blog-5187067.post-76893242015297295202015-05-20T22:41:00.002-05:002015-05-21T08:40:09.601-05:00S4B Lesson Learned - ensure you have ample time between FE update and Edge update on any certificates!One of the risks of being an always on environment that plays with new software with engineers worldwide is that sometimes you have unsuspected outages.
Scenario:
You are in the middle of a Lync to S4B migration with in place upgrades planned.
You update the FE pool (upgrade in S4B topology builder) and run the in place upgrade (IPU thanks to Keif for this TLA)
The associated Lync 2013 Edge Chris Lehrhttp://www.blogger.com/profile/12048658420556993119noreply@blogger.com0tag:blogger.com,1999:blog-5187067.post-31439401368426495592015-05-12T14:34:00.000-05:002015-05-12T14:34:19.572-05:00Azure AD licensing with O365 PowerShellI won't go into the depths of Azure AD licensing or the powershell licensing as already provided serveral places on the Internet, but I have not seen the Azure AD MSOLAccountSku for the new Azure AD products published much. These are:
AAD_BASIC
Azure Active
Directory Basic
AAD_PREMIUM
Azure Active
Directory Premium
MFA_PREMIUM
Azure Chris Lehrhttp://www.blogger.com/profile/12048658420556993119noreply@blogger.com0tag:blogger.com,1999:blog-5187067.post-8424629718778955972015-05-06T21:00:00.000-05:002015-05-06T21:41:44.758-05:00Exchange On Premises Script - Build-EXOReceiveConnectorRemoteRange.ps1 - Configure Exchange Online Transport connectors to only allow connections from EXOIf you are a Hybrid organization with Exchange ON Premises and Exchange Online, and you chose to implement centralized Transport to ensure all Internet SMTP traffic went through your on premises, one of the steps has been to update your Hybrid receive connectors to only allow connections from Exchange Online servers and IP addresses as listed here.
After multiple times polling this list and Chris Lehrhttp://www.blogger.com/profile/12048658420556993119noreply@blogger.com0tag:blogger.com,1999:blog-5187067.post-3664459901760924122015-04-30T15:59:00.001-05:002015-08-12T17:33:27.141-05:00AADSync - Increase error limit 5000 - stopped-error-limitSometimes large orgs have large errors that they need ignored. By default, Azure AD Sync (the new DirSync) has a limit of 5000 errors before it will cease synchronizing. Of course, you could also filter the OUs with known errors to not be synchronized, I can still see a use case where you would want known errors to continue reporting without preventing sychronization.
If you are Chris Lehrhttp://www.blogger.com/profile/12048658420556993119noreply@blogger.com0tag:blogger.com,1999:blog-5187067.post-43498242939045433322015-04-29T10:07:00.002-05:002015-04-29T10:11:14.978-05:00PowerShell and testing connectivity with Test-NetConnectionI have been working in IT long enough to see people stick to their old habits begrudgingly, and I had the realization today that one of the ones I was still holding on to was an inherent need for telnet.exe as a troubleshooting tool.
Let's face it, it is compact, a low security risk to have installed, but it having not been included by default on modern Operating Systems has forced me to Chris Lehrhttp://www.blogger.com/profile/12048658420556993119noreply@blogger.com0tag:blogger.com,1999:blog-5187067.post-29740636728964802262015-04-20T14:00:00.000-05:002016-02-06T12:42:13.739-06:00Install-PowerShellOptions.ps1 - Script to deploy and connect to on premises and cloud Microsoft servicesI developed the Install-PowerShellOptions.ps1 script for one reason. I am constantly looking for the right shell download, or connection string, and after years of having my handy EXOConnect.ps1, I wanted one that also pre-loaded the modules for me.
The menu is now interactive, and build the Install or Connect options based on what software is already installed on your PC. When you Chris Lehrhttp://www.blogger.com/profile/12048658420556993119noreply@blogger.com0tag:blogger.com,1999:blog-5187067.post-37513205431784554942015-04-09T12:01:00.002-05:002016-03-23T19:38:31.798-05:00Lync 2013 Archiving to Exchange 2013
For compliance
reasons, I've always recommended that customers configure Lync archiving. Unlike email, IM messaging is usually not a
very large data set, and while the Lync client does have the option to save the
conversation history in Outlook and Exchange, those folders are visible to end
users and they can also empty and clean those folders out to cover tracks.
Ever since Exchange
Chris Lehrhttp://www.blogger.com/profile/12048658420556993119noreply@blogger.com1tag:blogger.com,1999:blog-5187067.post-45840796935366480702015-03-27T00:39:00.000-05:002015-03-27T00:39:01.940-05:00Exchange 2013 and RMS on Windows 2012 R2 getting UnsupportedCryptographicSetException errorWell, I never really considered myself an RMS guy, but I guess this month has changed things some. After my last article, I was running through a test plan, when I came to find that the Test-IRMConfiguration was failing on one server (the entire time of this project, I had only really focused on the Exchange servers in the same datacenter. The exact failure seen below is identical to Chris Lehrhttp://www.blogger.com/profile/12048658420556993119noreply@blogger.com0